All of lore.kernel.org
 help / color / mirror / Atom feed
From: Jonathan Tripathy <jonnyt@abpni.co.uk>
To: Xen-devel@lists.xensource.com
Subject: Security Implications of letting customers use their own kernel
Date: Wed, 15 Dec 2010 12:26:28 +0000	[thread overview]
Message-ID: <4D08B3F4.7020008@abpni.co.uk> (raw)

Hi Everyone,

What are the security implications of letting customers install their 
own kernel?

In my own research, I have only seen things that would compromise their 
own DomU. My main area on concern is to protect all the other DomUs.

An area of potential concern is if someone were to build a kernel that 
enabled "No Execute" or "Disable Execution", could that compromise other 
DomUs? Or would that just leave their DomU vulnerable to running 
malicious code?

Anyone aware of anything else?

Thanks

             reply	other threads:[~2010-12-15 12:26 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-12-15 12:26 Jonathan Tripathy [this message]
2010-12-16  3:51 ` Security Implications of letting customers use theirown kernel James Harper
2010-12-16 12:03   ` George Dunlap
2010-12-16 12:06     ` Jonathan Tripathy
2010-12-16 13:05     ` Paolo Bonzini

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4D08B3F4.7020008@abpni.co.uk \
    --to=jonnyt@abpni.co.uk \
    --cc=Xen-devel@lists.xensource.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.